April 24, 2008

FirewallScript Provides PHP-Based Protection

Jason Kincaid

FirewallScript has just launched a software-based security service that can be used on any server that supports PHP5, and even provides support for shared hosts.

The firewall is very similar in function to the popular open source firewall ModSecurity, but according to co-founder Ron Myers, there are some important differences. For one, a ModSecurity installation is server-wide, meaning that nobody on a shared hosting plan is able to install or modify its settings. This inevitably leads to problems, because ModSecurity tends to take a generalized approach to protection which may conflict with valid applications run by users who are unable to disable it.

In contrast, FirewallScript can be installed by any user on a server, even under a shared hosting plan. All users can install or modify their security settings at will, and FirewallScript offers ‘Rule Packs’ which are pre-configured for certain web apps like WordPress and vBulletin. This allows users to tailor their security to cover things that applications like ModSecurity may have mishandled. Installation is also a breeze, requiring only a simple install script and a minimal amount of technical knowledge.

I think that FirewallScript could have a place in the market, given that the vast majority of small-time sites are hosted on cheap shared hosting plans. But I question how many people will be unsatisfied with the security their plans already provide, or how many will care about security to begin with. For those that are interested, enter the code ‘techcrunch’ for 50% off the normal price of $85.

Comments

  1. Marwan

    Amazing, just amazing.

  2. Trav

    I still think ModSecurity is better!

  3. Josh

    You’re so wrong Trav, ModSecurity is outdated, it’s nice to finally have a fresh face for those of us who need a good solution on shared hosting! This gets my vote.

  4. Peter Urban
  5. Kevin

    @4 - Technically, Techcrunch itself is on shared hosting. What if they wanted a web application firewall? Tough shit?

  6. linuxamp

    Damn, I read this article thinking, I’m gonna install this thing right now, then I got to the bottom and realized it wasn’t free. With all the comparison to modsec I kept thinking this thing was free and open source.

  7. Arno

    Wrong business model, make that open source and top it with professional commercial services, klabang there you go.

    Picking Mambo over Joomla! makes me wonder how up to date this service is.

    Arno

  8. Steve

    Whilst it might look good, it won’t do any good. There are many firewall packages that are compiled code and run fast enough to not cause any overhead to the system.
    The idea to be user based config is good but it will add I guess an extra 50-100 ms to the site.

  9. Scot

    After seeing this was not open source I went hunting on the web and found this:

    http://munin.xqus.com/

    :)

  10. Richard (Aventure Host)

    As a web hosting company, we know that 99.999% of customers don’t consider the security risks contained in script installation, and for them to personally go out and purchase an $85 script, I can’t see it happening.

    If mod_security is configured correctly, with a good ruleset it ultimately provides better security (server wide instead of domain wide) than this could.

    @Josh , mod_security is based on rule sets, exactly the same as this script, so if you think that mod_security is outdated, you’ve just classed a product which runs on the same type of rules as outdated ;)

  11. Richard Harrison

    Are you kidding? An $85 script that “guarantees 100% security”.

    I’ll give away the secret of 100% protection for free: unplug your server from the internet.

    Jason, did you check out their testimonials?

    “People think my site is weird because it’s about the supernatural. But they’re out there! Sometimes the extraterrestrial see our website and try to hack it to avoid the information we reveal about them.”

  12. bannerreviews.com

    While the company says this is great for shared web hosting environments, I wonder what kind of load it would generate for each and every page view, in addition to regular page loads.

    You also have to put a ‘copyright’, or notice on your page saying you use the product, which is just inviting trouble.

  13. Kevin

    @10 - How can Modsec be used with tight rules, when the admin can’t control what’s on his server? You can’t globally disallow the word “Javascript” in the URL bar, because some legit scripts might use it. With this software, the admin knows exactly what he has, and can narrow down security to be much tighter than a server admin could, hence why it beats modsec in many areas. Modsec has to be vague and general (Especially on shared hosting) or it would cause so many errors with users’ installed scripts it wouldn’t be funny. This does not.

  14. Richard

    So users are expected to know what coding elements aren’t used in the scripts that are installed so they can add them in to the firewall php script?

    I’ve yet to see a single exploit attempt in the last 6 years which uses the term ‘javascript’ in the URL bar, I think that’s a poor example. Anyone who develops their own scripts can block certain terms from being used in the URL bar with suitable coding, they don’t need to fork out $85 for it.

    I personally still don’t see why TC covered this, there’s better PHP scripts developed every minute of the day.
